Why IT Accidents, Fraud and GDPR Make Data Recovery Tools Essential For Every Organization

2 weeks ago

By James D’Arezzo

While most cybersecurity efforts are focused outward, most data breaches resulting in lost data are inside jobs. File recovery software should be your first line of defense.

Here’s a fact you probably didn’t know: 60% of data
breaches at organizations are the result of inside jobs, not hackers finding
their way into a company’s network, according to the IBM/Ponemon
Institute Cost of Data Breach Study[1].
Another: up to 95% of investigated security incidents are simply the result of
human error, a mistake on the part of a careless or poorly trained employee[1].

Both stats should serve as a wake-up call for executives
and systems managers. We spend a lot of time and effort trying to protect
ourselves from external threats, when most of the threats we need to be worried
about are instead located right within our own walls: careless or uninformed
employees, those trying to steal confidential information, and in many cases, simply
disgruntled and resentful former employees trying to cause some trouble and
sabotage their employer on the way out the door.

Take, for example, what happened to Pixar while they were
animating Toy Story 2; it’s an old
story, but a bit of animation lore. A staffer working on the movie accidentally
executed a command to delete all the files in the film’s directory, and about
90% of the movie was deleted before anyone caught what was happening.[3]
Pixar was lucky enough to have backups of almost everything, and they were able
to quickly restore most of the deleted animation files within a few days, but
the incident could have been disastrous.

More recently, a disgruntled former employee at the
Hispanic Center Lehigh Valley in Bethlehem, PA tried to erase all the nonprofit’s
emails and files after a disagreement over her unemployment compensation.[3]
And in Citrus County, Florida earlier this year, an error by a county
worker resulted in over 6 million emails being deleted[4]. It happens,
and it happens more often than you think, to the tune of an average $3.86
million in damages per incident, according to the IBM/Ponemon study.

Whether or not data files are lost because of malicious
intent, it’s becoming more and more important for IT departments and admins to
have quick, efficient methods of recovering those files. This is especially
true with the advent of GDPR, the General Data Protection Regulation introduced
in May by the European Union. It places
severe restrictions on the handling of personal data by any organization doing
business in the EU or with EU individuals.

GDPR has put stress on IT departments (in the EU and beyond)
to ensure customer privacy and safeguard personal data more effectively than
ever before. While protecting individuals’ personal data is no doubt a
priority, GDPR has also greatly amplified the possibility of malicious deletion
requests, thanks to the Right To Be Forgotten (RTBF) provision, which gives
users the right to have their data deleted.

This “right to erasure” gives organizations one month to
delete the user’s personal data and imposes steep penalties if they do not
comply; fines could reach up to 20 million Euros ($24 million), and the damage
to the company’s reputation could be just as costly. They can also be punished
for losing customers’ personal data or failing to secure it properly and
leaving it subject to data breaches. When such an incident occurs, the
organization is required to report it to supervisory authorities.

While most RTBF requests are of course legitimate, there’s
the potential for angry customers and disgruntled employees to use the
provision to cause damage, by flooding a company with fraudulent or malicious
RTBF requests they are unprepared to handle. Complying with hundreds or even
thousands of RTBF requests could pause a company’s daily operations, and hundreds
of fraudulent RTBF requests could cause them to lose much of the data so vital
for conducting their business.

So how do organizations and IT departments combat these malicious
abuses of the right to erasure? By equipping themselves with the right tools – tools
that will help them recover fraudulent deletions, as well as the merely
accidental. Deletion recovery software, able to find and restore virtually any
deleted or lost file easily and within minutes, becomes essential in such
situations, serving as a fail-safe when even the most secure of firewalls are
breached, or simply accessed from behind. Deletion recovery software can recover
files from both physical servers and virtual storage systems, even if the files
were erased before the software was installed, and can tell IT departments who
deleted the files or breached the system, making it nearly impossible for them
to cover their tracks.

Every organization should also have a system that can help
find missing data files as soon as they are noticed missing. Combine such a first
line of defense with effective deletion recovery software, and companies will
be able to find and restore missing data files, avoiding the unpleasant and
often costly obligation of reporting data breaches.

And, if complying with GDPR and the “right to erasure” is
a concern, it is just as important to ensure that information from legitimate
erasure requests is not restored when recovering accidental deletions. Being able to see exactly who
deleted data files, when they did it and where from, can help IT departments
ensure only the appropriate files are recovered, and those marked for permanent
erasure are actually deleted – for good.

By outfitting their systems with the right deletion
recovery software, in addition to taking the right security measures,
organizations can make protecting themselves against both accidental and
malicious data loss easy, while still ensuring compliance with all GDPR regulations.

About The Author:

Jim D’Arezzo earned his BA
from Johns Hopkins University and an MBA from Fordham University, before
embarking on a long and distinguished career in high technology with executive
positions at IBM, Compaq, Autodesk and Radiant Logic, among others. He is
currently CEO of Condusiv (www.condusiv.com), the world leader in delete
recovery software and software-only storage performance solutions for virtual
and physical server environments.